Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature request] Create users with temporary password #5371

Open
bertoost opened this issue Dec 22, 2019 · 14 comments
Open

[Feature request] Create users with temporary password #5371

bertoost opened this issue Dec 22, 2019 · 14 comments

Comments

@bertoost
Copy link
Contributor

@bertoost bertoost commented Dec 22, 2019

Description

Currently you can create a user but only have the ability to send an activation email. This is not what I want when I create a new user from the CP. I usually create an user for my client (to manage their project) and I would like to create a new user with a temporary password. For example; the user should change it when they login for the first time.

Additional info

  • Craft version: 3.3.18.1
  • PHP version: 7.3.10
  • Database driver & version: MySQL 8.0
  • Plugins & versions: -
@brandonkelly

This comment has been minimized.

Copy link
Member

@brandonkelly brandonkelly commented Dec 24, 2019

There’s also the ability to copy their activation URL, which you could send to them. That URL will take them to a “Choose a password” screen.

A user action menu with “Copy activation URL” selected.

Is there some additional benefit to giving them a temporary password that they must reset immediately, that isn’t covered by this workflow?

@narration-sd

This comment has been minimized.

Copy link
Contributor

@narration-sd narration-sd commented Dec 24, 2019

@brandonkelly I could say that in arranging testing, it's something run into a number of times that you'd like to set up a user without an email involved, as the vm or droplet doesn't do email. I've often copied a prebuilt encrypt into the user on the db for this, but...

Also occurs to me is that sometimes it's nice to check out what a new user's logged-in presentation is going to be. Arranging for this takes a little more option than asked for here, but you could consider about it.

In any case, best holiday wishes for you, family, and crew up there!

@brandonkelly

This comment has been minimized.

Copy link
Member

@brandonkelly brandonkelly commented Dec 24, 2019

@narration-sd registering a user without even providing an email address is a very different request, as that is currently one of only two identifying attributes that users have (the other being their username).

@narration-sd

This comment has been minimized.

Copy link
Contributor

@narration-sd narration-sd commented Dec 24, 2019

It is, no question, and should have mentioned that as well. But also separate from the second point, about ability to pre-see...

Security, and your ability to have confidence from the Craft end that you're not sending people into a problem there is definitely an important point, so if you don't want added abilities, could be well understood. I haven't a surrounding thought that addresses all of these consistently, so your stocking is so far empty of presents there :)

@bertoost

This comment has been minimized.

Copy link
Contributor Author

@bertoost bertoost commented Dec 30, 2019

@brandonkelly I understand your point of view. But for now I have to take those actions and capture the email before the client does.
Therefore it would be great if I was able to configure a password, make the account active, and just send my client an email to get them started. That's from a business point of view.
Once the client logs-in, they should be changing their password of course.

@brandonkelly

This comment has been minimized.

Copy link
Member

@brandonkelly brandonkelly commented Dec 30, 2019

I’m not sure I’m following. Wouldn’t it be easier to email them the activation URL?

If you can set a temporary password first, this is what your instructions would look like:

  1. Go to [cp-link]
  2. Login with the username/password: [username]/[password]
  3. Once you’ve logged in, you will be forced to create a new password.

vs. here’s what your instructions can look like currently, if you send them the activation URL:

  1. Go to [activation-link]
  2. Fill in a password.
  3. You will be redirected to the login page. Use your password to login.

(You can even remove step 3 if you have autoLoginAfterAccountActivation enabled.

@bertoost

This comment has been minimized.

Copy link
Contributor Author

@bertoost bertoost commented Dec 30, 2019

I understand Brandon. That's not the problem.

It's more the case that I want to email my customer by myself, it's more like customer experience. When I deliver a project, I need to send the customer an email anyway. I would like to provide a temporary password together with the URL (of the CP). But once the client logs-in, (s)he needs to change their password since it's a temporary one.
Sending an activation link is an extra email which I always have to explain my client before I send the "delivery" email. And then the client have to read my manual email first (which I can't force).

And besides that, my staging environment does not actually sends email, but capturing it. So, I even have to explain more than essentially necessary.

Hope this makes more sense.

@brandonkelly

This comment has been minimized.

Copy link
Member

@brandonkelly brandonkelly commented Dec 30, 2019

You can still be the one to send the activation link. When registering a user, just uncheck the “Send an activation email now?” box, so Craft doesn’t send the email automatically. Then when you are ready to send them an email, use the “Copy activation URL” option, not the “Send activation email” option. (The one that is highlighted in my screenshot above.)

@bertoost

This comment has been minimized.

Copy link
Contributor Author

@bertoost bertoost commented Dec 30, 2019

You don't get my point. But never mind.

@bertoost bertoost closed this Dec 30, 2019
@brandonkelly

This comment has been minimized.

Copy link
Member

@brandonkelly brandonkelly commented Dec 30, 2019

Just trying to understand the use case. Brad just mentioned that it’s semi-common to be able to set a temporary password on a user account (AWS lets you, for example), so I’m open to adding it as an alternative option, just to be consistent with other systems.

@bertoost

This comment has been minimized.

Copy link
Contributor Author

@bertoost bertoost commented Dec 30, 2019

Would be great. Indeed other systems give you this option as well.
But maybe it's better to write a plugin for this.

@AugustMiller

This comment has been minimized.

Copy link
Contributor

@AugustMiller AugustMiller commented Jan 7, 2020

Just noting that you can also do the activation yourself (setting the desired temporary password) then check the "Require password reset on next login" and save the user. Send the username + password to your client, and they should be able to log in and pick a new password.

I guess the one limitation is that the actual reset step happens on the other end of an automated email? This makes sense to me, as a security measure—but based on your staging config, I can understand this being problematic.

@brandonkelly

This comment has been minimized.

Copy link
Member

@brandonkelly brandonkelly commented Jan 9, 2020

I guess the one limitation is that the actual reset step happens on the other end of an automated email? This makes sense to me, as a security measure—but based on your staging config, I can understand this being problematic.

Good point. We should probably make that behavior configurable, so instead of going through email, it would show a new password input immediately in the login form.

@bertoost

This comment has been minimized.

Copy link
Contributor Author

@bertoost bertoost commented Jan 9, 2020

True @AugustMiller .. but that are multiple actions which could be done in just one action while creating a new user. So, less time consuming etc.
Maybe I have some time in the near future to submit a PR for this :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.